Bug#1125369: uwsgi-plugin-ruby: Incompatibility with ruby-rack 3.x causing some http headers to format wrong

Mike Abrahall Mon, 12 Jan 2026 20:05:15 -0800

Package: uwsgi-plugin-ruby
Version: 2.0.28+8+0.0.2+b1
Severity: normal

Dear Maintainer,


I've been running Redmine through uwsgi (better socket activation than
Passenger) and noticed that some of the cookies being sent to the browser
were wrong.
I'd expect a header like:

    Set-Cookie: autologin=[secret];secure

Instead I got a header like:

    Set-Cookie: ["autologin=[secret];secure"]


I believe this is the exact same bug with Passenger: 
https://github.com/phusion/passenger/issues/2503
And the fix for that is here: 
https://github.com/phusion/passenger/commit/7353892025f245b1f29a35d4337cc0a152aa1bb8

Also note the ruby-rack upgrade guide mentions this: 
https://github.com/rack/rack/blob/v3.1.18/UPGRADE-GUIDE.md#:~:text=There%20is%20one%20changed%20feature%20in%20Rack%203%20which%20is%20not%20backwards%20compatible%3A
> There is one changed feature in Rack 3 which is not backwards compatible:
>
> - Response header values can be an Array to handle multiple values (and no 
> longer supports \n encoded headers).
>
> You can achieve compatibility by using Rack::Response#add_header which 
> provides an interface for adding headers without concern for the underlying 
> format.


I've worked around this for my own purposes by adapting the code block
suggested by 'pcantrell' in the above mentioned Passenger bug report:
https://github.com/phusion/passenger/issues/2503#issuecomment-2370192659
But as I understand it, this issue should be solved at the uwsgi/rack
layer, not in the ruby application.


-- System Information:
Debian Release: 13.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.12.57+deb13-cloud-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages uwsgi-plugin-ruby depends on:
ii  libc6                                                    2.41-12+deb13u1
ii  libruby3.3                                               3.3.8-2
ii  ruby-rack                                                3.1.18-1~deb13u1
ii  uwsgi-core [uwsgi-abi-fd03c85edfee33327ac760f246543e10]  2.0.28-9

uwsgi-plugin-ruby recommends no packages.

uwsgi-plugin-ruby suggests no packages.

-- no debconf information

Bug#1125369: uwsgi-plugin-ruby: Incompatibility with ruby-rack 3.x causing some http headers to format wrong

Reply via email to